pf problemer under bridging

From: Allan Jensen (none@unik1971--hotmail.com.lh.bsd-dk.dk)
Date: Wed 28 Apr 2004 - 22:17:47 CEST

Next message: Mikael Syska: "SV: pf problemer under bridging"
Previous message: Erik Nordström Andersen: "Re: Harddisk spin-down"
Next in thread: Mikael Syska: "SV: pf problemer under bridging"
Reply: Mikael Syska: "SV: pf problemer under bridging"
Reply: Jesper Louis Andersen: "Re: pf problemer under bridging"
Reply: Morten Liebach: "Re: pf problemer under bridging"
Reply: Flemming Laugaard: "Re: pf problemer under bridging"
Reply: Henrik Lund Kramshøj: "Re: pf problemer under bridging"
Maybe reply: Allan Jensen: "Re: pf problemer under bridging"
Maybe reply: Allan Jensen: "Re: pf problemer under bridging"
Maybe reply: Torben Wölm: "RE: pf problemer under bridging"
Maybe reply: Allan Jensen: "RE: pf problemer under bridging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

From: "Allan Jensen" <none@unik1971--hotmail.com.lh.bsd-dk.dk>
To: bsd-dk@bsd-dk.dk
Subject: pf problemer under bridging
Date: Wed, 28 Apr 2004 20:17:47 +0000

Jeg kører OpenBSD 3.3-stable. Jeg skal bruge den som firewall og har sat en
bridge op mellem xl0 (yderside) og em1 (inderside).

Min pf.conf ser ud som følgende:

---------------------------------------------------------------------------------------

pass in on em1 all
pass out on em1 all

#pass in quick on xl0 inet proto tcp from any to any port 22
#pass in quick on xl0 inet proto tcp from any to any port 25
#pass in quick on xl0 inet proto udp from any to any port 53
#pass in quick on xl0 inet proto tcp from any to any port 110
#pass in quick on xl0 inet proto tcp from any to any port 443
#pass in quick on xl0 inet proto tcp from any to any port 3128
#pass in quick on xl0 inet proto icmp all

#block in log quick on xl0 from any to any
pass in on xl0 all

#pass out quick on xl0 inet proto tcp from any to any port 22
#pass out quick on xl0 inet proto tcp from any to any port 25
#pass out quick on xl0 inet proto udp from any to any port 53
#pass out quick on xl0 inet proto tcp from any to any port 110
#pass out quick on xl0 inet proto tcp from any to any port 443
#pass out quick on xl0 inet proto tcp from any to any port 3128
#pass out quick on xl0 inet proto icmp all

#block out log quick on xl0 from any to any
pass out on xl0 all

---------------------------------------------------------------------------------------

På denne måde kan jeg godt få internetforbindelse på min client, som sidder
på em1, men når jeg begynder at tage reglerne i brug kan jeg hverken det ene
eller det andet på min client.
Når reglerne er taget i brug vil det se ud som følgende:

---------------------------------------------------------------------------------------

pass in on em1 all
pass out on em1 all

pass in quick on xl0 inet proto tcp from any to any port 22
pass in quick on xl0 inet proto tcp from any to any port 25
pass in quick on xl0 inet proto udp from any to any port 53
pass in quick on xl0 inet proto tcp from any to any port 110
pass in quick on xl0 inet proto tcp from any to any port 443
pass in quick on xl0 inet proto tcp from any to any port 3128
pass in quick on xl0 inet proto icmp all

block in log quick on xl0 from any to any
#pass in on xl0 all

pass out quick on xl0 inet proto tcp from any to any port 22
pass out quick on xl0 inet proto tcp from any to any port 25
pass out quick on xl0 inet proto udp from any to any port 53
pass out quick on xl0 inet proto tcp from any to any port 110
pass out quick on xl0 inet proto tcp from any to any port 443
pass out quick on xl0 inet proto tcp from any to any port 3128
pass out quick on xl0 inet proto icmp all

block out log quick on xl0 from any to any
#pass out on xl0 all

---------------------------------------------------------------------------------------

Jeg har fået det til at virke før på denne måde, hvor jeg brugte nat i
stedet for bridge. Jeg brugte selvfølgelig ikke "pass in on em1 all" og
"pass out on em1 all".

Jeg kan ikke lige gennemskue, hvorfor jeg er løbet ind i dette problem.

Er der nogen der kan hjælpe mig?

/Allan.

_________________________________________________________________
Få alle de nye og sjove ikoner med MSN Messenger http://www.msn.dk/messenger

Next message: Mikael Syska: "SV: pf problemer under bridging"
Previous message: Erik Nordström Andersen: "Re: Harddisk spin-down"
Next in thread: Mikael Syska: "SV: pf problemer under bridging"
Reply: Mikael Syska: "SV: pf problemer under bridging"
Reply: Jesper Louis Andersen: "Re: pf problemer under bridging"
Reply: Morten Liebach: "Re: pf problemer under bridging"
Reply: Flemming Laugaard: "Re: pf problemer under bridging"
Reply: Henrik Lund Kramshøj: "Re: pf problemer under bridging"
Maybe reply: Allan Jensen: "Re: pf problemer under bridging"
Maybe reply: Allan Jensen: "Re: pf problemer under bridging"
Maybe reply: Torben Wölm: "RE: pf problemer under bridging"
Maybe reply: Allan Jensen: "RE: pf problemer under bridging"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:39 CET